[CentOS] httpd failed with a new install of 5.0
Gregory P. Ennis
PoMec at PoMec.Net
Wed Jul 25 14:45:34 UTC 2007
On Sun, 2007-07-22 at 16:12 -0500, Gregory P. Ennis wrote:
> On Sun, 2007-07-22 at 22:21 +0200, Ralph Angenendt wrote:
> > Gregory P. Ennis wrote:
> > > [Sun Jul 22 13:04:32 2007] [warn] RSA server certificate CommonName (CN)
> > > `localhost.localdomain' does NOT match server name!?
> > > [Sun Jul 22 13:04:32 2007] [error] Unable to configure RSA server
> > > private key
> > > [Sun Jul 22 13:04:32 2007] [error] SSL Library Error: 185073780
> > > error:0B080074:x509 certificate routines:X509_check_private_key:key
> > > values mismatch
> > >
> > > The ssl errors were present on the old system so I was not too worried
> > > about those.
> > Your ServerName isn't the same as the one which is present in the
> > certificate. SSL does not really like that. And it is good to be
> > stricter about that.
> > > I turned off selinux without a change in symptoms.
> > Yes, as that error clearly hasn't anything to do with SELinux.
> > > Anyone's ideas would sure be appreciated !!!
> > As that seems to be a selfsigned certificate: Create a new one with the
> > server's fqdn in the Common Name field (www.example.com, for example).
> > tinyca2 (which is available from the rpmforge repository) makes creation
> > of new certificates really easy.
> > Also the "HOWTO" section on
> > <http://www.modssl.org/docs/2.8/ssl_howto.html> has some information.
> > Cheers,
> > Ralph
> Thanks for the suggestion to use tinyca2.... great utility!!!!! The
> link was also excellent.
> Unfortunately, I am going to give up on a fix for the failure of httpd
> and do a repeat install. This is my 4th install of CentOS 5.0 and
> everything has worked perfectly before. I am sure it must be related to
> something I have done during my configuration setup, but I can not find
> the error for now.
> Back to the Salt mines!!!
I wanted to submit a follow up note to this thread. It turned out that
Ralph's suggestion provided the solution. I did a repeat installation,
checked httpd at the beginning of the installation and it worked fine.
After the updates and after some setup changes I made, httpd failed again
in the same manner as before. I finally created my own certificates
(httpd) with make-dummy-cert and modified /etc/httpd/conf.d/ssl.conf
with the following additions
The httpd-bundle had to be created with a script:
echo "Creating : $OUTPUT"
openssl x509 -in "$1" -noout -text > "$OUTPUT"
cat "$1" >> "$OUTPUT"
httpd is working perfectly now. I am still not sure why httpd worked on
other installations I have done without this, but as Ralph mentioned the
certs really needed to be updated anyway.
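
Added example, not part of the original post: a shell check for the two conditions mod_ssl logged in this thread, a private key that does not belong to the certificate ("key values mismatch") and a CommonName that differs from the ServerName. The function names and file names are hypothetical, the certificate is a constructed throwaway, and `openssl pkey` assumes OpenSSL 1.0.0 or later.

```shell
#!/bin/sh
# Added example (hypothetical helper names), not code from the thread.

# cert_key_match CERT KEY: 0 if KEY is the private key for CERT, 1 if not,
# 2 if either file cannot be parsed. Compares the PEM public keys.
cert_key_match() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# cert_cn CERT: print the subject CommonName of CERT.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
        sed -n 's/^ *commonName *= *//p' | head -n 1
}

# check_pair CERT KEY SERVERNAME: report both checks, return 0 only if both pass.
check_pair() {
    rc=0
    if cert_key_match "$1" "$2"; then
        echo "OK   private key matches certificate"
    else
        echo "FAIL key values mismatch between $1 and $2"; rc=1
    fi
    cn=$(cert_cn "$1")
    if [ "$cn" = "$3" ]; then
        echo "OK   CN matches ServerName $3"
    else
        echo "WARN CN '$cn' does NOT match ServerName '$3'"; rc=1
    fi
    return $rc
}

# make_demo_pair DIR: constructed sample input. Writes a one-day self-signed
# certificate with its key, plus an unrelated key to show the mismatch case.
make_demo_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=www.example.com" \
        -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null &&
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

# Run as: sh check.sh CERT KEY SERVERNAME
if [ $# -eq 3 ]; then check_pair "$1" "$2" "$3"; fi
```

Point it at the files named by SSLCertificateFile and SSLCertificateKeyFile in ssl.conf before restarting httpd.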